Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 37bc4fd5 by security tracker role at 2021-07-01T20:10:34+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,25 @@ +CVE-2021-3632 + RESERVED +CVE-2021-36090 + RESERVED +CVE-2020-36416 + RESERVED +CVE-2020-36415 + RESERVED +CVE-2020-36414 + RESERVED +CVE-2020-36413 + RESERVED +CVE-2020-36412 + RESERVED +CVE-2020-36411 + RESERVED +CVE-2020-36410 + RESERVED +CVE-2020-36409 + RESERVED +CVE-2020-36408 + RESERVED CVE-2021-36089 (Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::File ...) - libgrokj2k <unfixed> (bug #990525) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544 @@ -82,9 +104,9 @@ CVE-2020-36396 CVE-2020-36395 RESERVED CVE-2019-25049 (LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_pr ...) - - libressl <itp> (bug #754513) + - libressl <itp> (bug #754513) CVE-2019-25048 (LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_p ...) - - libressl <itp> (bug #754513) + - libressl <itp> (bug #754513) CVE-2018-25018 (UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write durin ...) - unrar-nonfree <unfixed> (bug #990541) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845 @@ -1662,10 +1684,10 @@ CVE-2021-35339 RESERVED CVE-2021-35338 RESERVED -CVE-2021-35337 - RESERVED -CVE-2021-35336 - RESERVED +CVE-2021-35337 (Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable t ...) + TODO: check +CVE-2021-35336 (Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Ac ...) + TODO: check CVE-2021-35335 RESERVED CVE-2021-35334 
@@ -7509,12 +7531,12 @@ CVE-2021-32733 RESERVED CVE-2021-32732 RESERVED -CVE-2021-32731 - RESERVED -CVE-2021-32730 - RESERVED -CVE-2021-32729 - RESERVED +CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check +CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check +CVE-2021-32729 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check CVE-2021-32728 RESERVED CVE-2021-32727 @@ -9851,8 +9873,8 @@ CVE-2021-31815 (GAEN (aka Google/Apple Exposure Notifications) through 2021-04-2 NOT-FOR-US: GAEN (aka Google/Apple Exposure Notifications) CVE-2021-31814 RESERVED -CVE-2021-31813 - RESERVED +CVE-2021-31813 (Zoho ManageEngine Applications Manager before 15130 is vulnerable to S ...) + TODO: check CVE-2021-31812 (In Apache PDFBox, a carefully crafted PDF file can trigger an infinite ...) - libpdfbox2-java <unfixed> - libpdfbox-java <undetermined> @@ -18081,10 +18103,10 @@ CVE-2021-28426 RESERVED CVE-2021-28425 RESERVED -CVE-2021-28424 - RESERVED -CVE-2021-28423 - RESERVED +CVE-2021-28424 (A stored cross-site scripting (XSS) vulnerability in Teachers Record M ...) + TODO: check +CVE-2021-28423 (Multiple SQL Injection vulnerabilities in Teachers Record Management S ...) + TODO: check CVE-2021-28422 RESERVED CVE-2021-28421 (FluidSynth 2.1.7 contains a use after free vulnerability in sfloader/f ...) @@ -18809,8 +18831,8 @@ CVE-2021-28129 RESERVED CVE-2021-28128 (In Strapi through 3.6.0, the admin panel allows the changing of one's ...) NOT-FOR-US: Strapi -CVE-2021-28127 - RESERVED +CVE-2021-28127 (An issue was discovered in Stormshield SNS through 4.2.1. A brute-forc ...) + TODO: check CVE-2021-28126 (index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1 ...) NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG) CVE-2021-28125 (Apache Superset up to and including 1.0.1 allowed for the creation of ...) 
@@ -19958,10 +19980,10 @@ CVE-2021-27663 RESERVED CVE-2021-27662 RESERVED -CVE-2021-27661 - RESERVED -CVE-2021-27660 - RESERVED +CVE-2021-27661 (Successful exploitation of this vulnerability could give an authentica ...) + TODO: check +CVE-2021-27660 (An insecure client auto update feature in C-CURE 9000 can allow remote ...) + TODO: check CVE-2021-27659 (exacqVision Web Service 21.03 does not sufficiently validate, filter, ...) NOT-FOR-US: exacqVision Web Service CVE-2021-27658 (exacqVision Enterprise Manager 20.12 does not sufficiently validate, f ...) @@ -20353,8 +20375,8 @@ CVE-2021-27479 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected produc NOT-FOR-US: ZOLL Defibrillator Dashboard CVE-2021-27478 RESERVED -CVE-2021-27477 - RESERVED +CVE-2021-27477 (When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus ...) + TODO: check CVE-2021-27476 RESERVED CVE-2021-27475 @@ -32416,16 +32438,16 @@ CVE-2021-22349 (There is an Input Verification Vulnerability in Huawei Smartphon NOT-FOR-US: Huawei CVE-2021-22348 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...) NOT-FOR-US: Huawei -CVE-2021-22347 - RESERVED +CVE-2021-22347 (There is an Improper Access Control vulnerability in Huawei Smartphone ...) + TODO: check CVE-2021-22346 (There is an Improper Permission Management Vulnerability in Huawei Sma ...) NOT-FOR-US: Huawei CVE-2021-22345 (There is an Input Verification Vulnerability in Huawei Smartphone. Suc ...) NOT-FOR-US: Huawei -CVE-2021-22344 - RESERVED -CVE-2021-22343 - RESERVED +CVE-2021-22344 (There is an Improper Access Control vulnerability in Huawei Smartphone ...) + TODO: check +CVE-2021-22343 (There is a Configuration Defect vulnerability in Huawei Smartphone. Su ...) + TODO: check CVE-2021-22342 (There is an information leak vulnerability in Huawei products. A modul ...) NOT-FOR-US: Huawei CVE-2021-22341 (There is a memory leak vulnerability in Huawei products. A resource ma ...) 
@@ -51314,10 +51336,10 @@ CVE-2020-27364 RESERVED CVE-2020-27363 RESERVED -CVE-2020-27362 - RESERVED -CVE-2020-27361 - RESERVED +CVE-2020-27362 (An issue exists within the SSH console of Akkadian Provisioning Manage ...) + TODO: check +CVE-2020-27361 (An issue exists within Akkadian Provisioning Manager 4.50.02 which all ...) + TODO: check CVE-2020-27360 RESERVED CVE-2020-27359 (A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before ...) @@ -95637,8 +95659,8 @@ CVE-2020-9160 RESERVED CVE-2020-9159 RESERVED -CVE-2020-9158 - RESERVED +CVE-2020-9158 (There is a Missing Cryptographic Step vulnerability in Huawei Smartpho ...) + TODO: check CVE-2020-9157 RESERVED CVE-2020-9156 @@ -106765,8 +106787,8 @@ CVE-2020-4937 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0. NOT-FOR-US: IBM CVE-2020-4936 RESERVED -CVE-2020-4935 - RESERVED +CVE-2020-4935 (IBM Datacap Fastdoc Capture (IBM Datacap Navigator 9.1.7 ) is vulnerab ...) + TODO: check CVE-2020-4934 (IBM Content Navigator 3.0.CD could allow a remote attacker to traverse ...) NOT-FOR-US: IBM CVE-2020-4933 (IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerabl ...) 
@@ -106831,8 +106853,8 @@ CVE-2020-4904 (IBM Financial Transaction Manager for SWIFT Services for Multipla NOT-FOR-US: IBM CVE-2020-4903 (IBM API Connect V10 and V2018 could allow an attacker who has intercep ...) NOT-FOR-US: IBM -CVE-2020-4902 - RESERVED +CVE-2020-4902 (IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) is vulner ...) + TODO: check CVE-2020-4901 (IBM Robotic Process Automation with Automation Anywhere 11.0 could all ...) NOT-FOR-US: IBM CVE-2020-4900 (IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37bc4fd5ef6f8621d62283d43ee805beb7eb7000
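Review bot: in the @@ -82,9 +104,9 @@ hunk the removed and added lines for CVE-2019-25049 and CVE-2019-25048 both read `- libressl <itp> (bug #754513)`, so the only difference is whitespace (presumably indentation). A whitespace normalisation is easier to audit as its own commit, or at least mentioned in the commit message, rather than folded into an "automatic update" next to new CVE entries.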
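Review bot: in the @@ -19958,10 +19980,10 @@ hunk the visible summary for CVE-2021-27661 ("Successful exploitation of this vulnerability could give an authentica ...") names no product, so its `TODO: check` cannot be resolved from the list line alone. Triage it together with CVE-2021-27660, whose summary names C-CURE 9000, against the full descriptions, and record the affected product in the status line so the entry is self-explanatory.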
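Review bot: in the @@ -32416,16 +32438,16 @@ hunk, CVE-2021-22347, CVE-2021-22344 and CVE-2021-22343 move from `RESERVED` to `TODO: check` although their summaries name Huawei Smartphone and the surrounding entries (CVE-2021-22349, CVE-2021-22348, CVE-2021-22346, CVE-2021-22345, CVE-2021-22342) are already `NOT-FOR-US: Huawei`. A follow-up triage pass should give these three the same status if the full descriptions confirm the product, so they do not linger as open TODO items.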
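Review bot: in the @@ -106765,8 +106787,8 @@ and @@ -106831,8 +106853,8 @@ hunks, CVE-2020-4935 and CVE-2020-4902 (both IBM Datacap) are left at `TODO: check` while every neighbouring IBM entry shown (CVE-2020-4937, CVE-2020-4934, CVE-2020-4904, CVE-2020-4903, CVE-2020-4901) carries `NOT-FOR-US: IBM`. Unless Datacap maps to something packaged, these two should be closed out the same way in the next manual pass.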